summaryrefslogtreecommitdiff
path: root/modules
AgeCommit message (Collapse)Author
2021-06-25fileserver: Clarify docs about canonicalizationMatthew Holt
Related to https://github.com/caddyserver/caddy/issues/4205.
2021-06-25caddytls: Remove "IssuerRaw" fieldMatthew Holt
Has been deprecated and printing warnings for about 8 months now. Replaced by "IssuersRaw" field in v2.3.0.
2021-06-21acmeserver: Trim slashes from path prefixMatthew Holt
See https://caddy.community/t/mtls-tls-internal-error/12807
2021-06-18encode: Tweak compression settings (#4215)Klaus Post
* Tweak compression settings zstd: Limit window sizes to 128K to keep memory in control both server and client size. zstd: Write 0 length frames. This may be needed for compatibility. zstd: Create fewer encoders. Small memory improvement. gzip: Allow -2 (Huffman only) and -3 (stateless) compression modes. * Update modules/caddyhttp/encode/zstd/zstd.go Update docs. Co-authored-by: Francis Lavoie <lavofr@gmail.com> Co-authored-by: Francis Lavoie <lavofr@gmail.com>
2021-06-17caddyhttp: Refactor and export SanitizedPathJoin for use in fastcgi (#4207)Matt Holt
2021-06-17fileserver: Only redirect if filename not rewritten (fix #4205)Matthew Holt
This is the more correct implementation of 23dadc0d86dd75dad7559c25f20c9641bc7bc30f (#4179)... I think. This commit effectively undoes the revert in 8848df9c5d372a559d01512b7a4ef00e38867b55, but with corrections to the logic. We *do* need to use the original request path (the path the browser knows) for redirects, since they are external, and rewrites are only internal. However, if the path was rewritten to a non-canonical path, we should not redirect to canonicalize that, since rewrites are intentional by the site owner. Canonicalizing the path involves modifying only the suffix (base element, or filename) of the path. Thus, if a rewrite involves only the prefix (like how handle_path strips a path prefix), then we can (hopefully!) safely redirect using the original URI since the filename was not rewritten. So basically, if rewrites modify the filename, we should not canonicalize those requests. If rewrites only modify another part of the path (commonly a prefix), we should be OK to redirect.
2021-06-16Some misc. cleanupMatthew Holt
The fastcgi changes came from v1 which don't make sense in v2. Fix comment about default value in reverse proxy keep alive.
2021-06-16fileserver: Don't persist parsed template (fix #4202)Matthew Holt
Templates are parsed at request-time (like they are in the templates middleware) to allow live changes to the template while the server is running. Fixes race condition. Also refactored use of a buffer so a buffer put back in the pool will not continue to be used (written to client) in the meantime. A couple of benchmarks removed due to refactor, which is fine, since we know pooling helps here.
2021-06-15reverseproxy: Fix overwriting of max_idle_conns_per_host (closes #4201)Matthew Holt
Also split the Caddyfile subdirective keepalive_idle_conns into two properties so the conns and conns_per_host can be set separately. This is technically a breaking change, but probably anyone who this breaks already had a broken config anyway, and silently fixing it won't help them fix their configs.
2021-06-14Revert "fileserver: Redirect within the original URL (#4179)"Matthew Holt
This reverts commit f9b54454a19e2b070159ce8d2af76d819658244e. /cc @diamondburned (see #4205)
2021-06-08httpcaddyfile: Add `preferred_chains` global option and issuer subdirective ↵Klooven
(#4192) * Added preferred_chains option to Caddyfile * Caddyfile adapt tests for preferred_chains
2021-06-07fileserver: Fix browse not redirecting query parameters (#4196)diamondburned
This commit is a follow up to PR #4179 that introduced a bug where browse redirections to the right URL would not preserve query parameters.
2021-06-07caddytls: Add Caddyfile support for `propagation_timeout` (#4178)Peter Magnusson
* add propagation_timeout to UnmarshalCaddyfile - Closes #4177 * added caddyfile_adapt test
2021-06-07fileserver: Redirect within the original URL (#4179)diamondburned
This commit changes the file_server directive to redirect using the original request's URL instead of the possibly trimmed URL. This should make file_server work with handle_path. This fix is taken from mholt's comment in https://caddy.community/t/file-servers-on-different-paths-not-working/11698/11.
2021-06-04reverseproxy: Always remove hop-by-hop headersMatthew Holt
See golang/go#46313 Based on https://github.com/golang/go/commit/950fa11c4cb01a145bb07eeb167d90a1846061b3
2021-06-04logging: Actually use `level_key` (#4189)Francis Lavoie
2021-06-03go.mod: Update direct dependenciesMatthew Holt
2021-05-19logging: Implement dial timeout for net writer (fix #4083) (#4172)Matt Holt
* logging: Implement dial timeout for net writer (fix #4083) * Limit how often redials are attempted This should cause dial blocking to occur only once every 10 seconds at most, but it also means the logger connection might be down for up to 10 seconds after it comes back online; oh well. We shouldn't block for DialTimeout at every single log emission. * Clarify offline behavior
2021-05-12reverseproxy: Set the headers in the replacer before `handle_response` (#4165)Francis Lavoie
Turns out this was an oversight, we assumed we could use `{http.response.header.*}` but that doesn't work because those are grabbed from the response writer, and we haven't copied any headers into the response writer yet. So the fix is to set all the response headers into the replacer at a new namespace before running the handlers. This adds the `{http.reverse_proxy.header.*}` replacer. See https://caddy.community/t/empty-http-response-header-x-accel-redirect/12447
2021-05-10caddyfile: Fix `caddy fmt` nesting not decrementing (#4157)Matthew Penner
* caddyfile(formatter): fix nesting not decrementing This is an extremely weird edge-case where if you had a environment variable {} on one line, a comment on the next line, and the closing of the block on the following line; the rest of the Caddyfile would be indented further than it should've been. ref; https://github.com/matthewpi/vscode-caddyfile-support/issues/13 * run gofmt * fmt: better way of handling edge case
2021-05-10encode: Drop `prefer` from Caddyfile (#4156)Francis Lavoie
Followup to #4150, #4151 /cc @ueffel @polarathene After a bit of discussion with @mholt, we decided to remove `prefer` as a subdirective and just go with using the order implicitly always. Simpler config, simpler docs, etc. Effectively changes 7776471 and reverts a small part of f35a7fa.
2021-05-10encode: Default to order the formats are enabled for `prefer` in Caddyfile ↵Francis Lavoie
(#4151)
2021-05-08caddytls: Run replacer on ask URL, for env vars (#4154)Francis Lavoie
Fixes #3922
2021-05-05caddyhttp: Fix fallback for the error handler chain (#4131)Francis Lavoie
* caddyhttp: Fix fallback for the error handler chain The fix I went with in the end (after realizing some mistaken assumptions in #4131) is to just make the routes fall back to errorEmptyHandler instead of the non-error empty handler, if Terminal is true, making the routes error-aware. Ultimately this was probably just an oversight when errors was implemented at some point in the early betas of v2. See https://caddy.community/t/problem-with-basicauth-handle-errors/12243/9 for context. * Revert "caddyhttp: Fix fallback for the error handler chain" This reverts commit 95b6ac44a6122d3ca5513a13bbc723cd5f4785f8. * caddyhttp: Fix via `routes.go`
2021-05-05reverseproxy: Minor logging improvementsMatthew Holt
2021-05-04fileserver: Fix `file` matcher with empty `try_files` (#4147)Francis Lavoie
* fileserver: Fix `file` matcher with empty `try_files` Fixes https://github.com/caddyserver/caddy/issues/4146 If `TryFiles` is empty, we fill it with `r.URL.Path`. In this case, this is `/`. Then later, in `prepareFilePath()`, we run the replacer (which turns `{path}` into `/` at that point) but `file` remains the original value (and the placeholder is still the placeholder there). So then `strings.HasSuffix(file, "/")` will be `false` for the placeholder, but `true` for the empty `TryFiles` codepath, because `file` was `/` due to being set to the actual request value beforehand. This means that `suffix` becomes `//` in that case, so after `sanitizedPathJoin`, it becomes `./`, so `strictFileExists`'s `strings.HasSuffix(file, separator)` codepath will return true. I think we should change the `m.TryFiles == nil` codepath to `m.TryFiles = []string{"{http.request.uri.path}"}` for consistency. (And maybe consider hoisting this to `Provision` cause there's no point doing this on every request). I don't think this "optimization" of directly using `r.URL.Path` is so valuable, cause it causes this edgecase with directories. * Update modules/caddyhttp/fileserver/matcher.go Co-authored-by: Matt Holt <mholt@users.noreply.github.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2021-05-02reverseproxy: Add `handle_response` blocks to `reverse_proxy` (#3710) (#4021)Francis Lavoie
* reverseproxy: Add `handle_response` blocks to `reverse_proxy` (#3710) * reverseproxy: complete handle_response test * reverseproxy: Change handle_response matchers to use named matchers reverseproxy: Add support for changing status code * fastcgi: Remove obsolete TODO We already have d.Err("transport already specified") in the reverse_proxy parsing code which covers this case * reverseproxy: Fix support for "4xx" type status codes * Apply suggestions from code review Co-authored-by: Matt Holt <mholt@users.noreply.github.com> * caddyhttp: Reorganize response matchers * reverseproxy: Reintroduce caddyfile.Unmarshaler * reverseproxy: Add comment mentioning Finalize should be called Co-authored-by: Maxime Soulé <btik-git@scoubidou.com> Co-authored-by: Matt Holt <mholt@users.noreply.github.com>
2021-05-02caddyhttp: performance improvement in HeaderRE Matcher (#4143)Calvin Xiao
Below is the report using `benchstat` and cmd: `go test -run=BenchmarkHeaderREMatcher -bench=BenchmarkHeaderREMatcher -benchmem -count=10` ``` name old time/op new time/op delta HeaderREMatcher-16 869ns ± 1% 658ns ± 0% -24.29% (p=0.000 n=10+10) name old alloc/op new alloc/op delta HeaderREMatcher-16 144B ± 0% 112B ± 0% -22.22% (p=0.000 n=10+10) name old allocs/op new allocs/op delta HeaderREMatcher-16 7.00 ± 0% 5.00 ± 0% -28.57% (p=0.000 n=10+10) ```
2021-04-30fileserver: Share template logic for both `templates` and `file_server ↵Jason Du
browse` (#4093) Co-authored-by: Matthew Holt <mholt@users.noreply.github.com>
2021-04-30caddytls: Implement remote IP connection matcher (#4123)Matt Holt
* caddytls: Implement remote IP connection matcher * Implement IP range negation If both Ranges and NotRanges are specified, both must match.
2021-04-29reverseproxy: fix hash selection policy (#4137)Simão Gomes Viana
* caddyhttp: reverseproxy: fix hash selection policy Fixes: #4135 Test: go test './...' -count=1 * caddyhttp: reverseproxy: add test to catch #4135 If you revert the last commit, the test will fail.
2021-04-29fileserver: Better handling of HTTP status override (#4132)Francis Lavoie
2021-04-21caddytls: Add `load_storage` module (#4055)Francis Lavoie
An idea that came up in https://caddy.community/t/save-internally-issued-wildcard-certificate-in-consul/11740, this a simple module that might be useful for anyone who uses storage modules that aren't filesystem, to let them load certs/keys externally issued for use by Caddy. Bit goofy, since we need to fetch the certmagic.Storage during provisioning, it needs a wrapping struct instead of just being an array like `load_files`. Future work might involve adding Caddyfile support via a subdirective of the `tls` directive maybe?
2021-04-21reverseproxy: Admin endpoint for reporting upstream statuses (#4125)Francis Lavoie
2021-04-19caddyhttp: Implement better logic for inserting the HTTP->HTTPS redirs (#4033)Francis Lavoie
* caddyhttp: Implement better logic for inserting the HTTP->HTTPS redirs * caddyhttp: Add integration test
2021-04-12caddytls: Disable OCSP stapling for manual certs (#4064)Matthew Holt
2021-04-12caddytls: Configurable storage clean intervalMatthew Holt
Can drastically reduce costs on storage backends where scans are expensive. Also reduced default interval to 24h. See https://github.com/silinternational/certmagic-storage-dynamodb/issues/18
2021-04-08ci: fuzz: add 4 more fuzzing targets (#4105)Mohammed Al Sahaf
2021-04-08fileserver: Add status code override (#4076)Francis Lavoie
After reading a question about the `handle_response` feature of `reverse_proxy`, I realized that we didn't have a way of serving an arbitrary file with a status code other than 200. This is an issue in situations where you want to serve a custom error page in routes that are not errors, like the aforementioned `handle_response`, where you may want to retain the status code returned by the proxy but write a response with content from a file. This feature is super simple, basically if a status code is configured (can be a status code number, or a placeholder string) then that status will be written out before serving the file - if we write the status code first, then the stdlib won't write its own (only the first HTTP status header wins).
2021-04-01Minor tweaksMatthew Holt
2021-03-30reverseproxy: Set cookie path to `/` when using cookie lb_policy (#4096)Dimitri Masson
2021-03-29encode,staticfiles: Content negotiation, precompressed files (#4045)Steffen Brüheim
* encode: implement prefer setting * encode: minimum_length configurable via caddyfile * encode: configurable content-types which to encode * file_server: support precompressed files * encode: use ReponseMatcher for conditional encoding of content * linting error & documentation of encode.PrecompressedOrder * encode: allow just one response matcher also change the namespace of the encoders back, I accidently changed to precompressed >.> default matchers include a * to match to any charset, that may be appended * rounding of the PR * added integration tests for new caddyfile directives * improved various doc strings (punctuation and typos) * added json tag for file_server precompress order and encode matcher * file_server: add vary header, remove accept-ranges when serving precompressed files * encode: move Suffix implementation to precompressed modules
2021-03-29reverseproxy: Implement health_uri, deprecate health_path, supports query ↵Francis Lavoie
(#4050) * reverseproxy: Implement health_uri, replaces health_path, supports query Also fixes a bug with `health_status` Caddyfile parsing , it would always only take the first character of the status code even if it didn't end with "xx". * reverseproxy: Rename to URI, named logger, warn in Provision (for JSON)
2021-03-29go.mod: Migrate to golang.org/x/term (#4073)Simão Gomes Viana
golang.org/x/crypto/ssh/terminal is deprecated in favor of golang.org/x/term See https://github.com/caddyserver/caddy/pull/4073/checks?check_run_id=2152150495 Error: SA1019: package golang.org/x/crypto/ssh/terminal is deprecated: this package moved to golang.org/x/term. (staticcheck) See https://github.com/caddyserver/caddy/pull/4073/checks?check_run_id=2152228516 Error: SA1019: package golang.org/x/crypto/ssh/terminal is deprecated: this package moved to golang.org/x/term. (staticcheck) Test: go test -count=1 './...'
2021-03-29caddyhttp: improve grammar of comment for AllowH2C (#4072)Simão Gomes Viana
2021-03-29headers: Fix Caddyfile parsing for `request_header` with matchers (#4085)Francis Lavoie
2021-03-19fileserver: Add a few more debug lines (#4063)Francis Lavoie
2021-03-19fileserver: Browse listing supports dark mode (#4066)rai
* Add dark color scheme media query * Theme search box, make everything less contrasting * Further contrast tweaks
2021-03-12httpcaddyfile: Add `error` directive for the existing handler (#4034)Francis Lavoie
* httpcaddyfile: Add `error` directive for the existing handler * httpcaddyfile: Move `error` to the end of the order
2021-03-12logging: add replace filter for static value replacement (#4029)Aaron Taylor
This filter is intended to be useful in scenarios where you may want to redact a value with a static string, giving you information that the field did previously exist and was present, but not revealing the value itself in the logs. This was inspired by work on adding more complete support for removing sensitive values from logs [1]. An example use case would be the Authorization header in request log output, for which the value should usually not be logged, but it may be quite useful for debugging to confirm that the header was present in the request. [1] https://github.com/caddyserver/caddy/issues/3958